"OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. This specification describes the attack as well as a technique to mitigate against the threat through the use of Proof Key for Code Exchange (PKCE@ pronounced ""pixy"")."
RFC 7636-2015 history
2015RFC 7636-2015 Proof Key for Code Exchange by OAuth Public Clients